美国VPS美国云主机安装VPN(pptpd)教程,配置VPN一键脚本

搬瓦工机场JMS

CentOS 6、7下pptp vpn一键安装脚本,安装如下:

wget http://mirrors.linuxeye.com/scripts/vpn_centos.sh

chmod +x ./vpn_centos.sh

./vpn_centos.sh

 

脚本内容如下(vpn_centos.sh):

#!/bin/bash

#

# Author:  安全龙

# Blog:  www.anquanlong.com

#

# Installs a PPTP VPN-only system for CentOS

# Check if user is root

[ $(id -u) != “0” ] && { echo -e “33[31mError: You must be root to run this script33[0m”; exit 1; }

export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

clear

 

[ ! -e ‘/usr/bin/curl’ ] && yum -y install curl

VPN_IP=`curl ipv4.icanhazip.com`

VPN_USER=”anquanlong”

VPN_PASS=”anquanlong”

VPN_LOCAL=”192.168.0.150″

VPN_REMOTE=”192.168.0.151-200″

while :; do echo

read -p “Please input username: ” VPN_USER

[ -n “$VPN_USER” ] && break

done

while :; do echo

read -p “Please input password: ” VPN_PASS

[ -n “$VPN_PASS” ] && break

done

clear

if [ -f /etc/redhat-release -a -n “`grep ‘ 7.’ /etc/redhat-release`” ];then

#CentOS_REL=7

if [ ! -e /etc/yum.repos.d/epel.repo ];then

cat > /etc/yum.repos.d/epel.repo << EOF

[epel]

name=Extra Packages for Enterprise Linux 7 – $basearch

#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch

mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch

failovermethod=priority

enabled=1

gpgcheck=0

EOF

fi

for Package in wget make openssl gcc-c++ ppp pptpd iptables iptables-services

do

yum -y install $Package

done

echo ‘net.ipv4.ip_forward = 1’ >> /etc/sysctl.conf

elif [ -f /etc/redhat-release -a -n “`grep ‘ 6.’ /etc/redhat-release`” ];then

#CentOS_REL=6

for Package in wget make openssl gcc-c++ iptables ppp

do

yum -y install $Package

done

sed -i ‘[email protected]_forward.*@net.ipv4.ip_forward = 1@g’ /etc/sysctl.conf

rpm -Uvh http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm

yum -y install pptpd

else

echo -e “33[31mDoes not support this OS, Please contact the author! 33[0m”

exit 1

fi

echo “1” > /proc/sys/net/ipv4/ip_forward

sysctl -p /etc/sysctl.conf

[ -z “`grep ‘^localip’ /etc/pptpd.conf`” ] && echo “localip $VPN_LOCAL” >> /etc/pptpd.conf # Local IP address of your VPN server

[ -z “`grep ‘^remoteip’ /etc/pptpd.conf`” ] && echo “remoteip $VPN_REMOTE” >> /etc/pptpd.conf # Scope for your home network

if [ -z “`grep ‘^ms-dns’ /etc/ppp/options.pptpd`” ];then

cat >> /etc/ppp/options.pptpd << EOF

ms-dns 223.5.5.5 # Aliyun DNS Primary

ms-dns 114.114.114.114 # 114 DNS Primary

ms-dns 8.8.8.8 # Google DNS Primary

ms-dns 209.244.0.3 # Level3 Primary

ms-dns 208.67.222.222 # OpenDNS Primary

EOF

fi

echo “$VPN_USER pptpd $VPN_PASS *” >> /etc/ppp/chap-secrets

ETH=`route | grep default | awk ‘{print $NF}’`

[ -z “`grep ‘1723 -j ACCEPT’ /etc/sysconfig/iptables`” ] && iptables -I INPUT 4 -p tcp -m state –state NEW -m tcp –dport 1723 -j ACCEPT

[ -z “`grep ‘gre -j ACCEPT’ /etc/sysconfig/iptables`” ] && iptables -I INPUT 5 -p gre -j ACCEPT

iptables -t nat -A POSTROUTING -o $ETH -j MASQUERADE

iptables -I FORWARD -p tcp –syn -i ppp+ -j TCPMSS –set-mss 1356

service iptables save

sed -i ‘s@^-A INPUT -j REJECT –reject-with icmp-host-prohibited@#-A INPUT -j REJECT –reject-with icmp-host-prohibited@’ /etc/sysconfig/iptables

sed -i ‘s@^-A FORWARD -j REJECT –reject-with icmp-host-prohibited@#-A FORWARD -j REJECT –reject-with icmp-host-prohibited@’ /etc/sysconfig/iptables

service iptables restart

chkconfig iptables on

service pptpd restart

chkconfig pptpd on

clear

echo -e “You can now connect to your VPN via your external IP 33[32m${VPN_IP}33[0m”

echo -e “Username: 33[32m${VPN_USER}33[0m”

echo -e “Password: 33[32m${VPN_PASS}33[0m”

手动安装,以下按步骤配置

1. 环境说明

面对天朝强大的GFW,我们能做的只有翻墙,下面列举安装翻墙软件的环境.

美国VPS、美国云主机、Linode VPS

CentOS 5.6

pptpd 1.3.4

因为pptpd需要MPPE的支持,所以首先检测系统是否符已经编译了MPPE,执行如下shell,如果返回CONFIG_PPP_MPPE=y表示可以安装pptpd,如果没有请更换版本.

zgrep MPPE /proc/config.gz
2. 安装安装pptpd

pptpd需要iptables支持,所以需要安装iptables.如果您的服务器上已经安装了iptables,默认系统一般都已经安装成功,那么只安装pptpd.

由于pptp没有存放在CentOS的源中,所以用yum命令安装返回的是找不到安装包.

安装pptp需要使用rpm命令直接从网站上下载并安装,这里要注意的是,pptp分为32bit版和64bit版,大家可以根据需要下载.

rpm -ivh http://acelnmp.googlecode.com/fi … -1.rhel5.1.i386.rpm
rpm -ivh http://acelnmp.googlecode.com/fi … .rhel5.1.x86_64.rpm
3.设置pptpd解析用的dns(把ms-dns前的#号去掉,#号代表注释,填上opendns的服务器地址)

vi /etc/ppp/options.pptpd
ms-dns 208.67.222.222
ms-dns 208.67.220.220
4.设置拨号时候用的:用户名、拨号方式、用户密码、来源ip地址(用户名和密码可以随便设置,拨号方式只能填pptpd,来源ip用*号代表不限制)

vi /etc/ppp/chap-secrets
linuxeye pptpd 123456 *
5.设置本地ip和远端ip(本地ip就是你等一下建立拨号后分配给你的,远端ip是分配给服务器的)

vi /etc/pptpd.conf
localip 192.168.1.1
remoteip 192.168.1.2-20
6.设置ip转发状态为生效,然后立即载入(和第9步的NAT转发有关)

vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p
7.启动pptpd服务,并且设置为开机启动

/sbin/service pptpd start
chkconfig pptpd on
8.启动iptables规则,设置NAT转发,然后保存

/sbin/service iptables start
/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE
service iptables save
配置过程中问题如下:

1. 启动防火墙报错Setting chains to policy ACCEPT: security raw nat mangle fi[FAILED]

问题主要是iptables版本和内核对不上导致的,linode使用的是自己修改过的内核.

第一个问题的修复需要在/etc/init.d/iptables,找到set_policy函数,添加一个security选项,如下123-128行.

120 for i in $tables; do
121 echo -n “$i ”
122 case “$i” in
123 security)
124 $IPTABLES -t security -P INPUT $policy
125 && $IPTABLES -t security -P OUTPUT $policy
126 && $IPTABLES -t security -P FORWARD $policy
127 || let ret+=1
128 ;;
129 raw)
130 $IPTABLES -t raw -P PREROUTING $policy
131 && $IPTABLES -t raw -P OUTPUT $policy
132 || let ret+=1
133 ;;
2. 配置好后,一直不能拨号成功

开始在公司一直不能拨号成功,然后用手机成功,Google后发现是PPTP穿透没有开启,这个一定要开启。

未经允许不得转载:美国VPS_搬瓦工CN2 GIA VPS » 美国VPS美国云主机安装VPN(pptpd)教程,配置VPN一键脚本

赞 (0) 打赏

评论 0

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

微信扫一扫打赏